資安事件新聞週報 2019/12/2 ~ 2019/12/6






資安事件新聞週報  2019/12/2  ~  2019/12/6

1.重大弱點漏洞/後門/Exploit/Zero Day
MISP 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19379

Linux漏洞將允許駭客挾持VPN連線
https://ithome.com.tw/news/134652

安全預警- 某些華為設備中存在DoS安全漏洞
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-03-dos-cn

IBM WebSphere eXtreme Scale Admin Console點擊劫持漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4109

IBM DataPower Gateway 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4621

HP Workstation BIOS安全特征问题漏洞
https://support.hp.com/us-en/document/c06318199

可重複的模擬攻擊技術在漏洞管理領域的應用
https://www.chainnews.com/zh-hant/articles/215260357729.htm

索尼再現網站安全漏洞宣布關閉隱患網頁
https://nosec.org/home/detail/3252.html

GoAhead Web 服務器又現關鍵漏洞
https://www.chainnews.com/zh-hant/articles/100479860666.htm

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
https://thehackernews.com/2019/12/goahead-web-server-hacking.html

Zmanda Management Console 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19469

CVE-2019-19082 CrOS: Vulnerability reported in Linux kernel
https://bugs.chromium.org/p/chromium/issues/detail?id=1030084

卡巴斯基安全軟件被發現漏洞可為黑客提供簽名代碼執行
https://www.cnbeta.com/articles/tech/917585.htm

Vulnerabilities Disclosed in Kaspersky, Trend Micro Products
https://www.securityweek.com/vulnerabilities-disclosed-kaspersky-trend-micro-products

Kaspersky Secure Connection - DLL Preloading and Potential Abuses (CVE-2019-15689)
http://bit.ly/2LrR5WC

Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software
https://zd.net/38gaVhh

OpenBSD patches authentication bypass, privilege escalation vulnerabilities
https://zd.net/2OVvmIL

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
https://thehackernews.com/2019/12/openbsd-authentication-vulnerability.html

The most copied StackOverflow Java code snippet contains a bug
https://zd.net/2YnVHlN

2.銀行/金融/保險/證券/支付系統/ 新聞及資安
金融科技展比炫 樂天銀行先搬日本純網銀服務搶先體驗
https://ec.ltn.com.tw/article/breakingnews/2993618

開放API第二階段望明年開放 客戶查詢帳戶資料更方便
https://money.udn.com/money/story/5613/4195075

IBM主機、中菲電腦帳務系統助攻,大昌證券推創新證券服務
https://www.cw.com.tw/article/article.action?id=5097924

樂天純網銀趕進度 最快6月開業
https://udn.com/news/story/7239/4196225

徵信科技唯一業者 CRIF中華徵信所秀TSP強項
https://www.chinatimes.com/realtimenews/20191129004544-260410?chdtv

13國FinTech新創齊聚台北金融科技展 機器人與區塊鏈吸睛
https://www.ctimes.com.tw/DispNews/tw/fintech/1911292004T3.shtml

英國來台推銷「金融科技聯盟」
https://www.chinatimes.com/realtimenews/20191129004409-260410?chdtv

純網銀最快明年第2季開業 國泰金總座李長庚不擔心衝擊
https://www.nownews.com/news/20191129/3786884/

LINE參2019台北金融科技展 秀日本用戶積分服務小額借貸
https://www.nownews.com/news/20191129/3786198/

歐洲央行副行長Guindos:全球金融穩定環境面臨挑戰
https://news.sina.com.tw/article/20191130/33496240.html

證交所推「逐筆交易」 台北金融科技展亮相
https://www.setn.com/News.aspx?NewsID=645369

FinTech Taipei2019台北金融科技展 財金公司「開放互通.數位創新」展區
https://news.sina.com.tw/article/20191129/33496004.html

LINE Bank評估推3大服務 首年拚數百萬用戶
https://udn.com/news/story/7239/4194706

金融科技展世貿競技 LINE Bank Q2底開業
https://www.cardu.com.tw/news/detail.php?39538

三家純網銀首度同臺亮相,LINE Bank拚明年6月開業、樂天商銀要緊貼樂天生態圈
https://www.ithome.com.tw/news/134518

驗證碼洩露卡被盜刷銀行擔責七成
https://www.chinanews.com/sh/2019/12-01/9021672.shtml

溢繳卡款逾50萬 金管會查洗錢 私菸案條款上路 銀行反彈:增成本惹民怨
https://tw.appledaily.com/highlight/20191202/UQGKAAVIWZXDHBF5B267OFHR5U/

FinTechSpace園區館展現8大金融共創成果
https://money.udn.com/money/story/5636/4198808

金融科技結合生態圈,樂天國際商業銀行2019科技展登場
https://ipop.sina.com.tw/posts/439200

雲端業最想爭取的客戶:開放金融資料上雲後,銀行業如何迎來數位轉型
https://www.inside.com.tw/article/18241-2019ESUN-FHC-fintech-talent2

林國良:資料交換 架高速公路
https://udn.com/news/story/7239/4201285?from=udn-ch1_breaknews-1-cate6-news

現場查獲500多張銀行卡詐騙團伙用網站漏洞獲利30餘萬元
http://news.xmnn.cn/xmnn/2019/12/03/100634282.shtml

《金融》星展銀導入API對接,自動化零時差理賠付款
http://bit.ly/2OM26V3

系統更新引風暴 南山人壽給金融業寶貴一課
https://money.udn.com/money/story/5613/4203309

數位金融的資安防護│ FinTech eMBA協力共創工作坊105期
http://bit.ly/2Rf8uFL

畢馬威:銀行網絡安全需加快升級
http://paper.wenweipo.com/2019/12/04/MC1912040005.htm

星展銀攜手安聯人壽導入API對接 零時差即時理賠付款
https://www.ettoday.net/news/20191203/1593343.htm

邁開職涯規劃起步 中國科大財金系校外教學提升學生金融科技專業
http://n.yam.com/Article/20191204920976

網路犯罪集團覬覦的銀行與金融業
https://blog.trendmicro.com.tw/?p=62446

網銀元年熱身戰 金融行動服務大打AI牌
https://tw.nextmgz.com/realtimenews/news/485316

數位身份檔案 未來銀行經營核心
http://bit.ly/2OTePoG

中信金、富邦銀混搭小新創的新銀行年代 區塊鏈錢包、超AI客服 4大金融科技明年改變你生活
https://money.udn.com/money/story/5613/4207670

排除資安、信心風險 AI助攻純網銀系統優勢
https://udn.com/news/story/6868/4209394

一小時轉移 89 億美元比特幣?!Bittrex 否認交易所遭駭客入侵
https://blockcast.it/2019/12/06/almost-9b-of-btc-moved-in-1-hour-hack-attacks-denied

2020純網銀來襲
https://udn.com/news/story/6868/4209357

全球銀行風險報告 業者憂遭網路戰波及
https://udn.com/news/story/7238/4208414

直追北韓「超級假美鈔」!美國秘勤局認證 台1100萬偽鈔與兆豐銀換鈔案同款
https://www.ettoday.net/news/20191206/1596084.htm

Web skimmer phishes credit card data via rogue payment service platform
http://bit.ly/2PjXzIh

Forget cybersecurity, it’s “hardsec” that will reinvent banking
http://bit.ly/33ZC9W1

3.電子支付/電子票證/行動支付/ pay/新聞及資安
迎接金融科技/劉燈城:電子支付 要安全便利
https://udn.com/news/story/7239/4201290

台灣人為何不愛行動支付? 行家揭暗黑真相:不敢用正常
https://www.nownews.com/news/20191203/3793722/

中小企支付系統存風險 全雲端保安部署助推動業務
http://bit.ly/2qqHyb1

4.虛擬貨幣/區塊鍊相關新聞及資安
智能合約之父:受信任第三方與安全漏洞
http://jiedion.com/portal.php?mod=view&aid=3407

教北韓用虛擬貨幣 前駭客在美被捕
https://www.cna.com.tw/news/aopl/201911300126.aspx

助北韓規避美國制裁被捕 知名駭客恐判刑20年
https://ec.ltn.com.tw/article/breakingnews/2994364

竊電挖5.41枚比特幣 判6個月沒收217萬追償6500萬
https://udn.com/news/story/7321/4197251

科技連結生活!區塊鏈技術研究團隊首度曝光
https://www.setn.com/News.aspx?NewsID=645435

他帶1500萬現金欲買泰達幣 台南高鐵站前2分鐘被劫走
http://bit.ly/2r0XFwj

泰達幣是什麼?男千萬現金交易慘被搶
http://bit.ly/2rGm3mW

台南虛擬貨幣強盜案 1嫌20萬交保3嫌聲押
http://bit.ly/2DDiKQ7

虛擬幣隱密難追蹤 犯罪集團「新歡」
https://udn.com/news/story/7315/4199304

今年前9個月全球加密貨幣盜竊量激增達44億美元
http://bit.ly/2Pgpvga

交易所遭駭不再是崩盤指標,區塊鏈標記系統可防治金融犯罪
https://blockcast.it/2019/12/02/blockchain-tracking-system-could-prevent-financial-crimes/

8家交易所持有超過195萬個BTC,加密貨幣投資者直呼太危險
https://news.knowing.asia/news/2121147c-3dbb-4427-b8f8-d2816c7765b4

安卓系統潛藏 StrandHogg 漏洞!資安業者:可讓駭客竊取加密錢包資訊
http://bit.ly/2sSQFlN

讓付款更輕鬆!開發者提議為比特幣建造一個新帳戶系統
https://news.knowing.asia/news/92354cb3-3270-419b-b089-4a518533384d

法院批准了瑞典的 Nordea 銀行禁止員工交易及持有加密貨幣的禁令
http://bit.ly/2qqr9U0

區塊鏈解東京奧運兩難題
http://bit.ly/2OTI0Im

科技連結生活!區塊鏈技術團隊曝光
http://bit.ly/2PoVnz8

智能合约安全与漏洞分析(四)
https://cloud.tencent.com/developer/article/1549563

米FBIがイーサリアム開発者を逮捕
https://crypto.watch.impress.co.jp/docs/news/1221722.html

5.資安事件新聞

A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式
Ginp銀行木馬使用螢幕覆蓋攻擊,竊取帳密和信用卡資料
https://blog.trendmicro.com.tw/?p=62820

阿根廷政府數據中心被勒索軟體攻擊,駭客要求支付比特幣
https://life.tw/?app=view&no=1007899

利用預判式機器學習技術交叉關聯靜態與動態行為特徵,實現更快、更精準的惡意程式偵測
https://blog.trendmicro.com.tw/?p=62678

Microsoft: Malware, ransomware, and cryptominer detections are down in 2019
https://zd.net/36aRqVO

Security Firm Prosegur Hit By Ryuk Ransomware
https://www.bankinfosecurity.com/security-firm-prosegur-hit-by-ryuk-ransomware-a-13456

The Threat of Ransomware and Doxing
https://www.bankinfosecurity.com/interviews/threat-ransomware-doxing-i-4528

Security Firm Prosegur Hit By Ryuk Ransomware
https://www.bankinfosecurity.com/security-firm-prosegur-hit-by-ryuk-ransomware-a-13456

Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan
https://malware.news/t/threat-analysis-unit-tau-threat-intelligence-notification-ramnit-banking-trojan/34825

New SectopRAT Trojan creates hidden second desktop to control browser sessions
https://www.zdnet.com/article/new-sectoprat-malware-creates-hidden-second-desktop-to-control-browser-sessions/

New SectopRAT: Remote access malware utilizes second desktop to control browsers
https://www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers

全球警方聯手摧毀惡意的遠端存取工具Imminent
https://www.ithome.com.tw/news/134548

Authorities take down 'Imminent Monitor' RAT malware operation
https://www.zdnet.com/article/authorities-take-down-imminent-monitor-rat-malware-operation/#ftag=RSSbaffb68

INTERNATIONAL CRACKDOWN ON RAT SPYWARE WHICH TAKES TOTAL CONTROL OF VICTIMS’ PCS
https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spyware-which-takes-total-control-of-victims%E2%80%99-pcs

Europol Shuts Down 'Imminent Monitor' RAT Operations With 13 Arrests
https://thehackernews.com/2019/11/europol-imminent-monitor-rat.html

Emotet - What's Changed
https://www.netscout.com/blog/asert/emotet-whats-changed

Ransomware Attacks on Businesses Have Doubled in 2019
https://www.webtitan.com/blog/ransomware-attacks-on-businesses-have-doubled-in-2019/

Massive Malvertising Campaign Uses Zero Day Exploit to Deliver Malware
https://www.webtitan.com/blog/massive-malvertising-campaign-uses-zero-day-exploit-to-deliver-malware/

マルウエア Emotet の感染に関する注意喚起
https://www.jpcert.or.jp/at/2019/at190044.html

Threat Analysis Unit (TAU) Threat Intelligence Notification: Ramnit Banking Trojan
https://malware.news/t/threat-analysis-unit-tau-threat-intelligence-notification-ramnit-banking-trojan/34825

Ingredion to deduct wages from employee paychecks following malware attack
http://bit.ly/2rYgkJs

61% of malicious ads target Windows users
https://www.zdnet.com/article/61-of-malicious-ads-target-windows-users/#ftag=RSSbaffb68

Beware of Thanksgiving eCard Emails Distributing Malware
https://www.bleepingcomputer.com/news/security/beware-of-thanksgiving-ecard-emails-distributing-malware/

PureLocker: the unusual ransomware that encrypts servers
https://www.pandasecurity.com/mediacenter/security/purelocker-ransomware-servers/

European International Airport Workstations Infected With Persistent Anti-CoinMiner Malware
http://bit.ly/2Lu2h5k

2019-12-02 - PCAP AND MALWARE FOR AN ISC DIARY (URSNIF INFECTION WITH DRIDEX)
https://www.malware-traffic-analysis.net/2019/12/02/index.html

TrickBot Widens Infection Campaigns in Japan Ahead of Holiday Season
https://securityintelligence.com/posts/trickbot-widens-infection-campaigns-in-japan-ahead-of-holiday-season/

A decade of malware: Top botnets of the 2010s
https://www.zdnet.com/article/a-decade-of-malware-top-botnets-of-the-2010s/#ftag=RSSbaffb68

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
http://bit.ly/2PjDoKz

This trojan malware is being used to steal passwords and spread ransomware
https://www.zdnet.com/article/this-trojan-malware-is-being-used-to-steal-passwords-and-spread-ransomware/

Meet PyXie: A Nefarious New Python RAT
https://threatvector.cylance.com/en_us/home/meet-pyxie-a-nefarious-new-python-rat.html

PyXie RAT Trojan Malware Steals Credentials, Keylogs, Records Videos On Target Windows PCs
https://hothardware.com/news/pyxie-rat-trojan-discovered

Ginp Trojan Targets Android Banking App Users, Steals Login Credentials and Credit Card Details
http://bit.ly/2rZ4nmG

The latest variant of the new Ginp Android Trojan borrows code from Anubis
https://securityaffairs.co/wordpress/94533/cyber-crime/ginp-android-trojan-anubis.html

The Role of Evil Downloaders in the Android Mobile Malware Kill Chain
https://securityintelligence.com/posts/the-role-of-evil-downloaders-in-the-android-mobile-malware-kill-chain/

Two malicious Python libraries caught stealing SSH and GPG keys
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/#ftag=RSSbaffb68

Microsoft: Malware, ransomware, and cryptominer detections are down in 2019
https://www.zdnet.com/article/microsoft-malware-ransomware-and-cryptominer-detections-are-down-in-2019/#ftag=RSSbaffb68

New Malware Campaign Uses Trojanized 'Tetris' Game: Report
https://www.bankinfosecurity.com/new-malware-campaign-uses-trojanized-tetris-game-report-a-13465

Notorious spy tool taken down in global operation
https://www.welivesecurity.com/2019/12/03/notorious-rat-spy-tool-global-operation/

ClamAV team shows off new Mussels dependency build automation tool
https://blog.talosintelligence.com/2019/12/clamav-team-shows-off-new-mussels.html

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector
https://thehackernews.com/2019/12/zerocleare-data-wiper-malware.html

B.行動安全 / iPhone / Android /穿戴裝置 /App
開源廠商開發仿真器讓虛擬機秒變iPhone 蘋果:快收手
https://www.cnbeta.com/articles/tech/916345.htm

WhatsApp訊息自動刪除功能再更新 可自訂清洗時間日子
http://bit.ly/33z08LC

LINE台灣開發者大會 聚焦五大領域
http://bit.ly/2r042zS

監控再升級!中國今起買手機註冊門號得做臉部辨識
https://www.rti.org.tw/news/view/id/2043396

中國辦手機將強制「刷臉」監控 網民痛批「政府是在怕什麼?」
https://times.hinet.net/news/22677089

外/媒:中共監控國民 將手機武器化
http://bit.ly/35VDVt0

360互聯網安全中心:2019上半年安卓系統安全性生態環境研究
http://bit.ly/37Rv1yg

WhatsApp 被駭客入侵 印度準備對其進行安全審查
https://unwire.pro/2019/12/03/india-plans-security-audit-of-whatsapp/security/

可偽裝成正常應用程序,安卓又見新型漏洞Strandhogg
https://www.expreview.com/71913.html

FBI:視所有俄製Apps為潛在反間諜威脅
https://hk.on.cc/hk/bkn/cnt/amenews/20191203/bkn-20191203151021570-1203_00972_001.html

Android再爆漏洞 黑客假冒合法程式監控用戶
https://inews.hket.com/article/2512464

安卓高危漏洞讓500款應用中招,還教會了銀行木馬“隔山打牛”
https://www.leiphone.com/news/201912/yy2Xu5INwE0tQTbN.html

安卓手機存在漏洞嗎?別讓你的手機被人監視,網友:趕快去看
https://kknews.cc/tech/zylmx6p.html

安卓系統出現嚴重的漏洞,大部分亞太地區熱門的應用程序都容易受到攻擊
http://bit.ly/2RsoWT6

德國電訊叫停 5G 設備採購交易!待德政府決定會否禁華為參與
http://bit.ly/2DQBw6J

TrueDialog洩露千萬用戶數據谷歌修復安卓DoS漏洞
https://zhuanlan.zhihu.com/p/95591776

黑客藉假冒合法App 監控Android用戶
http://bit.ly/2RqekUQ

報告:Android漏洞允許黑客竊取加密錢包信息
https://kknews.cc/tech/gpxal6m.html

全球的Android系統漏洞可能會導致加密錢包和銀行數據被盜
http://www.528btc.com/blocknews/59170.html

事實證明,竊取比特幣錢包數據的漏洞對另外500個Android應用程序來說是危險的
https://0xzx.com/201912042304397751.html

逾八成購物程式不安全… 小心手機購物「賣掉」個資
https://money.udn.com/money/story/12524/4207756

IDC:5G 設施用中國,資安用另一國家方案的混合模式成部分國家的選項
http://bit.ly/34RZKtb

荷蘭將拍賣 5G 頻譜估進帳 9 億歐元,關注資安隱憂
http://technews.tw/2019/12/06/netherlands-to-auction-5g-spectrum/

iPhone 11 默默蒐集用戶定位? 蘋果官方回應:正常系統行為
https://newtalk.tw/news/view/2019-12-06/336730

Android 重大漏洞可致永久 DoS?用戶應盡快更新系統
http://bit.ly/2YoGbGl

New Facebook Tool Let Users Transfer Their Photos and Videos to Google
https://thehackernews.com/2019/12/facebook-google-photos-data.html

A Team of Hackers Created an Advanced Scheme Using SMS’s to Attack Smartphones by Phishing
https://www.msuiche.net/hackers-created-scheme-sms-attack-smartphones-phishing/

Russia's ‘Sandworm’ Hackers Also Targeted Android Phones
https://www.wired.com/story/sandworm-android-malware/

Smartphones hotspots of cyberattacks in India: Check Point
https://telecom.economictimes.indiatimes.com/news/smartphones-hotspots-of-cyberattacks-in-india-check-point/72315524

Android 'spoofing' bug helps targets bank accounts
https://www.bbc.com/news/technology-50605455?intlink_from_url=&link_location=live-reporting-story

Android: New StrandHogg vulnerability is being exploited in the wild
https://www.zdnet.com/article/android-new-strandhogg-vulnerability-is-being-exploited-in-the-wild/#ftag=RSSbaffb68

This cheap gadget can stop your smartphone or tablet being hacked at an airport, hotel or cafe
https://zd.net/33YNHZI

Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild
https://thehackernews.com/2019/12/strandhogg-android-vulnerability.html

80% of all Android apps encrypt traffic by default
https://www.welivesecurity.com/2019/12/05/80-percent-android-apps-encrypt-traffic/

C.事件 / 駭客 / DDOS / APT / 雲端/暗網/徵才 / 國際資安事件
工程師都愛的萊娜小姐 究竟是誰
https://www.digitimes.com.tw/col/article.asp?id=1129

微軟員工爆:現在Windows 7、8.1還可以免費升級Windows 10
https://ithome.com.tw/news/134543

商務人士自我保護、避免資安攻擊的10個方法:上篇
https://tuna.press/?p=13619

臉書用戶帳號遭到駭客盜用,以投放違禁品廣告
https://www.ithome.com.tw/news/134651

網路攻擊與金錢支助
https://talk.ltn.com.tw/article/paper/1337071

SF2伺服器遭受駭客攻擊,資料損壞,全體玩家道具、等級全數消失
https://forum.gamer.com.tw/C.php?bsn=60076&snA=5439362&tnum=1

《SF2 Online》玩家資料全洗白救不回,官方宣稱遭駭客入侵
https://tw.pikolive.com/news/4gamers/41362/sf2-online-user-data-all-gone

沒有節操的駭客組織排行,看這些就對了
https://ek21.com/news/tech/161544/

CIS 2019:騰訊安全聚焦前沿攻防技術,分享八大實踐經驗
https://www.csdn.net/article/a/2019-12-03/15985209

FBI警告智能電視機易被駭客攻擊
http://bit.ly/34QTjXi

FBI告誡智能電視用戶:請用黑膠帶遮鏡頭
https://www.ntdtv.com/b5/2019/12/03/a102721398.html

「薅羊毛」黑灰產鏈調查:犯罪群體低齡化明顯
https://news.sina.com.tw/article/20191203/33522098.html

獨家探訪華為布魯塞爾網絡安全透明中心能看到深圳總部源代碼
https://www.yicai.com/news/100421426.html

資安戰隊發另類年終 高貢獻度隊員可領逾5萬
https://www.cna.com.tw/news/ait/201912010114.aspx

層層掩護下的十多個 APT33 殭屍網路,鎖定亞洲在內的特定目標
https://blog.trendmicro.com.tw/?p=62824

Google發布關於國家駭客的攻擊報告
https://ek21.com/news/tech/161943/

《資訊戰爭》:網路永遠改變了混合戰,讓「格拉西莫夫準則」更為切合實際
https://www.thenewslens.com/article/127942

《資訊戰爭》導讀:我們已進入「民主危機浮現、民粹指控成常態」的準戰爭狀態
https://www.thenewslens.com/article/127941

衝著華為?印度擬限制外企參與資安產業
https://newtalk.tw/news/view/2019-12-02/334901

貿易戰下 台灣在國際資安產業凸顯角色
https://www.cna.com.tw/news/afe/201912030059.aspx

中國再祭網路大炮 試圖癱瘓香港連登論壇
https://udn.com/news/story/120538/4210163

北韓駭客小組,可能藏身於惡意軟體化身的假冒加密網站背後
http://bit.ly/2s2UPXE

調查外國干預 澳洲鎖定社群媒體平台
http://bit.ly/2qsrrtH

俄駭客網路竊取數千萬美元 在美被起訴
https://money.udn.com/money/story/5599/4209124

網攻造成1億多美元損失美FBI宣布俄頭號網絡通緝犯
https://m.soundofhope.org/post/319504

俄駭客網路竊取數千萬美元 在美被起訴
https://www.rti.org.tw/news/view/id/2043986

美懸賞500萬美元 俄高富帥駭客成全球頭號通緝犯
https://newtalk.tw/news/view/2019-12-06/336573

美國起訴並制裁散布金融惡意程式的俄羅斯駭客,發出500萬美元的高額懸賞
https://www.ithome.com.tw/news/134646

懸賞160萬元獎金!新加坡政府邀白帽駭客揪12個官方系統的資安漏洞
https://www.bnext.com.tw/article/55660/hackers-to-test-singapore-12-govt-systems-in-bug-bounty-programme

中國國內首家!騰訊「TSRC安全情報平台」免費開放
https://news.sina.com.tw/article/20191206/33574640.html

Google: Government-Backed Hackers Targeted 12,000 Users
https://www.bankinfosecurity.com/google-government-backed-hackers-targeted-12000-users-a-13458

Rise in Cyberattacks on Law Firms Highlights Need for Additional Security Layers
https://www.spamtitan.com/web-filtering/cyberattacks-on-law-firms-need-additional-security-layers/

Ciberdelitos: se registran 49 amenazas por minuto en la Argentina
https://www.lanacion.com.ar/seguridad/ciberdelitos-se-registran-49-amenazas-por-minuto-en-la-argentina-nid2311456

Russian hackers switched from Russian banks to foreign ones
https://www.ehackingnews.com/2019/12/russian-hackers-switched-from-russian.html

Surviving a Breach: 8 Incident Response Essentials
https://www.bankinfosecurity.com/surviving-breach-8-incident-response-essentials-a-13460

Trend Micro alerta de una escalada de riesgo
https://www.channelpartner.es/fabricantes/noticias/1115581001102/trend-micro-alerta-de-escalada-de-riesgo.1.html

Remember the viral app that aged you? FBI slams FaceApp as counterintelligence threat
https://www.zdnet.com/article/remember-the-viral-app-that-aged-you-fbi-slams-faceapp-as-counterintelligence-threat/#ftag=RSSbaffb68

Hackers Can Access, Manipulate Your Biometric Data Using Sophisticated Malware Attack
https://www.republicworld.com/technology-news/science/hackers-biometric-data-malware-attack.html

Authorities Dismantle Transnational Cybercrime Group
https://stockdailydish.com/authorities-dismantle-transnational-cybercrime-group/

Retailers, prepare wisely: DDoS remains a holiday threat
https://www.zdnet.com/article/retailers-prepare-wisely-ddos-remains-a-holiday-threat/#ftag=RSSbaffb68

Retailers, Prepare Wisely: DDoS Remains A Holiday Threat
https://go.forrester.com/blogs/retailers-prepare-wisely-ddos-remains-a-holiday-threat/

China resurrects Great Cannon for DDoS attacks on Hong Kong forum
https://www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/#ftag=RSSbaffb68

Europol Shuts Down Over 30,500 Piracy Websites in Global Operation
https://thehackernews.com/2019/12/counterfeit-piracy-websites.html

Avast and AVG Browser Extensions Spying On Chrome and Firefox Users
https://thehackernews.com/2019/12/avast-and-avg-browser-plugins.html

Top 5 Cybersecurity and Cybercrime Predictions for 2020
https://thehackernews.com/2019/12/cybersecurity-predictions-2020.html

資訊工程師
https://www.104.com.tw/job/6sr0j

櫃買中心徵才 12╱18截止
http://bit.ly/2OD90M0

資安軟體研發工程師
https://www.cakeresume.com/companies/blockchain-security/jobs/software-development-engineer-b97b9e

臺中市政府社會局招聘資安人員
http://www.1111edu.com.tw/edu_mobile/civil/detail.php?autono=62733

資安維運工程師 Security Operations Engineer (SecOps)
https://www.104.com.tw/job/6p2ar?jobsource=n104bank2

資安管理師/資安主管
https://www.104.com.tw/job/6smcw?jobsource=joblist_morej

〔資訊〕資訊安全管理師(台北)
https://www.104.com.tw/job/5gcqu?jobsource=joblist_morej

招聘| 阿里巴巴招聘情報體系專家
https://www.anquanke.com/post/id/194205

新安東京海上產物保險股份有限公司 資安管理人員
https://fel.cycu.edu.tw/wSite/public/Data/f1575513125078.pdf

D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞
「LINE 8種貼圖免費抽」 小心詐騙個資被偷光
https://www.nownews.com/news/20191128/3784860/

假新聞網站騙廣告 網址洩端倪
https://news.ltn.com.tw/news/world/paper/1335911

網購防詐騙 趨勢科技提出三種「防詐策略」
https://udn.com/news/story/7239/4199697

上億美國人的個人數據被駭客竊取
https://ek21.com/news/tech/162210/

加州少女告抖音 沒帳號卻疑遭蒐集個資
https://www.ntdtv.com/b5/2019/12/03/a102721512.html

多重身份驗證市場:2019-2025年全球行業報告分析,機遇和預測
http://bit.ly/2OZk1Yt

日本發生有史以來最大的個資洩漏事件
https://moptt.tw/p/Tech_Job.M.1575603850.A.958

中國網上公開販售人臉數據 黑色產業鏈悄然形成
https://www.cna.com.tw/news/firstnews/201912060127.aspx

詐騙集團假冒國內企業與機關網站事件不斷,近期中華郵政、鉅亨網與經濟部相繼發出警告
https://www.ithome.com.tw/news/134619

中國電信再次被曝重大漏洞可查上億用戶信息已關停相關服務器
https://finance.sina.com.cn/stock/relnews/us/2019-12-06/doc-iihnzahi5728865.shtml

Top gadgets for the security and privacy conscious (or the super paranoid!)
https://www.zdnet.com/article/top-gadgets-for-the-security-and-privacy-conscious-or-the-super-paranoid/#ftag=RSSbaffb68

Data of 21 million Mixcloud users put up for sale on the dark web
https://www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/#ftag=RSSbaffb68

Report: Millions of Americans at Risk After Huge Data and SMS Leak
https://www.vpnmentor.com/blog/report-truedialog-leak/?=truedialog-exposed-data

Mixcloud Breach Affects 21 Million Accounts
https://www.bankinfosecurity.com/mixcloud-breach-affects-21-million-accounts-a-13461

Most Brazilians believe companies don't protect their personal data
https://www.zdnet.com/article/most-brazilians-believe-companies-dont-protect-their-personal-data/#ftag=RSSbaffb68

Credit, Debit Card Fraud: Here is how you can avoid it and stay safe
https://www.financialexpress.com/money/credit-debit-card-fraud-here-is-how-you-can-avoid-it-and-stay-safe/1782078/

5 personal (and cheap) data privacy tools that scale for business
https://www.welivesecurity.com/2019/12/02/5-personal-cheap-data-privacy-tools-business/

Smith & Wesson Web Site Hacked to Steal Customer Payment Info
https://www.bleepingcomputer.com/news/security/smith-and-wesson-web-site-hacked-to-steal-customer-payment-info/

PAYMENT SKIMMERS TARGET SANGUINE
https://sansec.io/labs/2019/12/02/magecart-hackers-target-sanguine/

Most Brazilians believe companies don't protect their personal data
https://www.zdnet.com/article/most-brazilians-believe-companies-dont-protect-their-personal-data/#ftag=RSSbaffb68

Face scanning – privacy concern or identity protection
https://www.welivesecurity.com/2019/12/05/face-scanning-privacy-concern-identity-protection/

E.研究報告
Real World CTF技術論壇將啟極客嘉年華重磅來襲
https://www.csdn.net/article/a/2019-11-28/15984994

從滲透測試到漏洞掃描看我們如何對網站做安全防護
http://blog.itpub.net/31542418/viewspace-2666796/

從零淺析漏洞:文件讀取與下載漏洞
http://bit.ly/2qb41sI

CVE-2019-16759:vBulletin預認證遠程代碼執行漏洞分析
https://www.freebuf.com/vuls/218880.html

從lodash原型污染安全漏洞深入理解JavaScript原型機制
https://juejin.im/post/5ddfb304e51d4532d667b719

黑客漏洞利用知識點“Apache SoIrRCE漏洞分析”
https://zhuanlan.zhihu.com/p/94359495

Android勒索病毒分析(上)
https://paper.seebug.org/1085/

2020 年DevOps 的七大發展趨勢
https://www.cnbeta.com/articles/tech/916629.htm

Reverse Engineering iOS Applications
https://paper.seebug.org/1084/

月光再臨——MoonLight組織針對中東地區的最新攻擊活動剖析
https://ti.qianxin.com/blog/articles/anatomy-of-moonLight-attack-on-the-middle-east/

Google OpenTitan,硬件安全的泰坦之箭
https://security.tencent.com/index.php/blog/msg/138

【Java代碼審計入門-02】SQL擴展原理與實際案例介紹
https://xz.aliyun.com/t/6872

網站安全滲透測試基礎知識點大全
https://www.admin5.com/article/20191203/936171.shtml

可重複的模擬攻擊技術在漏洞管理領域的應用
https://www.4hou.com/vulnerable/21868.html

[經典技研堂] 誤打誤撞的出身 史上第一台小筆電:Asus EPC 701
https://www.cool3c.com/article/149556

追溯朝鮮APT組織Lazarus的攻擊歷程
https://www.freebuf.com/articles/system/221008.html

IIS短文件名洩露
https://cloud.tencent.com/developer/article/1547737

WebFuzzing 方法和漏洞案例總結
https://www.chainnews.com/zh-hant/articles/260879316797.htm

StrandHogg安卓漏洞分析
https://www.4hou.com/vulnerable/21903.html

揭秘美國網絡安全體系架構
https://www.freebuf.com/articles/network/221852.html

Strandhogg漏洞:Android系統上的維京海盜
https://www.freebuf.com/news/221933.html

針對Steam平台的攻擊分析
https://www.freebuf.com/articles/network/218771.html

Windows與Linux雙平台無文件攻擊:PowerGhost挖礦病毒最新變種感染多省份
https://www.freebuf.com/articles/system/219715.html

不傳之密:殺毒軟件開發,原理、設計、編程實戰
https://www.freebuf.com/articles/system/220061.html

Hack the box靶機實戰:Haystack
https://www.freebuf.com/articles/web/219163.html

挖礦處置手冊:安全研究員的套路都在這兒了
https://www.freebuf.com/articles/system/220132.html

阻擊“幻影”行動:奇安信斬斷東北亞APT組織“虎木槿”伸向國內重要機構的魔爪
https://www.freebuf.com/column/222127.html

黑客漏洞ssrf模糊匹配工具使用"Ssrfmap"
https://zhuanlan.zhihu.com/p/95590262

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
http://bit.ly/2PjDoKz

Kilos: The Dark Web’s Newest – and Most Extensive – Search Engine
https://intsights.com/blog/kilos-the-dark-webs-newest-and-most-extensive-search-engine

Port Cybersecurity - Good practices for cybersecurity in the maritime sector
https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector/

Imtiazkarimik23/ATFuzzer
https://github.com/Imtiazkarimik23/ATFuzzer

MITRE ATT&CK Website
https://attack.mitre.org
https://github.com/mitre-attack/attack-website

anonaddy/anonaddy
https://github.com/anonaddy/anonaddy

Product Warning! Chinese children’s watch reveals thousands of children’s data
https://www.iot-tests.org/2019/11/product-warning-chinese-childrens-watch-reveals-thousands-of-childrens-data/

Smartwatch exposes locations and other data on thousands of children
https://www.welivesecurity.com/2019/11/29/smartwatch-exposes-location-data-children/

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/

Threat Hunting or Efficiency: Pick Your EDR Path
https://securingtomorrow.mcafee.com/enterprise/endpoint-security/threat-hunting-or-efficiency-pick-your-edr-path/

Sextortion scammers getting creative
https://blog.malwarebytes.com/cybercrime/2019/11/sextortion-scammers-getting-creative/

Threat Hunting with Function Imports
https://practicalsecurityanalytics.com/threat-hunting-with-function-imports/

m4ll0k/BurpSuite-Secret_Finder
https://github.com/m4ll0k/BurpSuite-Secret_Finder//

Red Team Diary, Entry #1: Making NSA’s PeddleCheap RAT Invisible
https://medium.com/@d.bougioukas/red-team-diary-entry-1-making-nsas-peddlecheap-rat-invisible-f88ccbdc484d

Red Team Diary, Entry #2: Stealthily Backdooring CMS Through Redis’ Memory Space
https://medium.com/@d.bougioukas/red-team-diary-entry-2-stealthily-backdooring-cms-through-redis-memory-space-5813c62f8add

Red Team Diary, Entry #3: Custom Malware Development (Establishing A Shell Through the Target’s Browser)
https://medium.com/@d.bougioukas/red-team-diary-entry-3-custom-malware-development-establish-a-shell-through-the-browser-bed97c6398a5

Blue Team Diary, Entry #1: Leveraging Osquery For Enhanced Incident Response & Threat Hunting (Free Video Training)
https://medium.com/@d.bougioukas/blue-team-diary-entry-1-leveraging-osquery-for-enhanced-incident-response-threat-hunting-70935538c9c3

To Survive a Data Breach, Create a Response Playbook
https://www.bankinfosecurity.com/to-survive-data-breach-create-response-playbook-a-13459

Report: APT gang increased cyberattacks on businesses in Q3
https://www.techrepublic.com/article/report-apt-gang-increased-cyberattacks-on-businesses-in-q3/

Teardown: Windows 10 on ARM - x86 Emulation
https://threatvector.cylance.com/en_us/home/teardown-windows-10-on-arm-x86-emulation.html

Analysis of Malicious ElectrumX Servers Source Code
http://www.peppermalware.com/2019/12/analysis-of-malicious-electrumx-servers.html

Newlib Unlink Heap Exploitation
https://blog.infosectcbr.com.au/2019/12/newlib-unlink-heap-exploitation.html

ATT&CK Website Docker
https://blacksmith.readthedocs.io/en/latest/attack_website_docker.html

SASM - simple crossplatform IDE for NASM, MASM, GAS and FASM assembly languages
https://github.com/Dman95/SASM

pdb++, a drop-in replacement for pdb (the Python debugger)
https://github.com/pdbpp/pdbpp

relentless-warrior/5GReasoner
https://github.com/relentless-warrior/5GReasoner

Exploiting XSS with 20 characters limitation
https://jlajara.gitlab.io/posts/2019/11/30/XSS_20_characters.html

Public SSH keys can leak your private infrastructure
https://rushter.com/blog/public-ssh-keys/

A tool for in-depth analysis of USB HID devices communication
https://github.com/ondrejbudai/hidviz

Easier Node.js streams via async iteration
https://2ality.com/2019/11/nodejs-streams-async-iteration.html

CTF box with most tools installed
https://github.com/boogy/ctfbox

Kerberos Domain Username Enumeration
https://www.attackdebris.com/?p=311

Backreferences in JavaScript regular expressions
https://www.stefanjudis.com/today-i-learned/backreferences-in-javascript-regular-expressions/

Extending IDA processor modules for GDB debugging
http://www.hexblog.com/?p=1371

dsdump
https://derekselander.github.io/dsdump/

Attack Monitor - Endpoint Detection And Malware Analysis Software
https://www.kitploit.com/2019/11/attack-monitor-endpoint-detection-and.html

Shellcoding: Finding EIP/RIP
https://blog.xenoscr.net/Finding-EIP/

Checkm8, Checkra1n and the new "golden age" for iOS Forensics
https://blog.digital-forensics.it/2019/11/checkm8-checkra1n-and-new-golden-age.html

MINDSHARE: HARDWARE REVERSING WITH THE TP-LINK TL-WR841N ROUTER - PART 2
https://www.thezdi.com/blog/2019/12/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router-part-2

Win32 Shellcode - Hashed Reverse Shell
https://blackcloud.me/Win32-shellcode-hashed/

SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos
https://www.vice.com/en_us/article/j5ywxb/rcs-rich-communications-services-text-call-interception

BlueHat-2019-Seattle
https://github.com/ga1ois/BlueHat-2019-Seattle

Threat Research FIDL: FLARE’s IDA Decompiler Library
https://www.fireeye.com/blog/threat-research/2019/11/fidl-flare-ida-decompiler-library.html

Threat Research Excelerating Analysis – Tips and Tricks to Analyze Data with Microsoft Excel
https://www.fireeye.com/blog/threat-research/2019/12/tips-and-tricks-to-analyze-data-with-microsoft-excel.html

Threat Research Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html

Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
http://bit.ly/2YpgpBY

Iranian hackers deploy new ZeroCleare data-wiping malware
https://www.zdnet.com/article/iranian-hackers-deploy-new-zerocleare-data-wiping-malware/#ftag=RSSbaffb68

New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East
https://www.ibm.com/downloads/cas/OAJ4VZNJ

F.商業
SecBuzzer雲端資安情資服務平台
https://www.iii.org.tw/Product/TechLensDtl.aspx?tp_sqno=nhuy3AsZDkIy73PMgWUHLw__&fm_sqno=72

KubAnomaly:容器應用軟體資安診測與攻擊防禦系統
https://www.iii.org.tw/Product/TechLensDtl.aspx?tp_sqno=n9wnPK4y9LqvmWsiqrfoeg__&fm_sqno=72

資安業找新血 趨勢科技人資長:熱情學不來
https://www.cna.com.tw/news/afe/201912010075.aspx

GitHub 開源代碼分析引擎 CodeQL,同步啓動 3000 美元漏洞獎勵計劃
https://www.chainnews.com/zh-hant/articles/281213551749.htm

Check Point推出可加強IoT裝置韌體安全解決方案
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000573636_YB85W9164UEW205LH6EEC

0.3 秒快速領錢的關鍵在人臉辨識!NEC 強勢展出六大金融科技解決方案
https://buzzorange.com/techorange/2019/12/02/nec-facial-recognition/

【GREYCORTEX MENDEL人工智慧監控軟體】可補強SOC之不足 即時監控內部網路發現漏洞及提出警訊
https://www.bnext.com.tw/article/55720/greycortex-mendel-soc

UL:足夠資安評估 才能讓物聯遠離駭客攻擊
http://www.ctimes.com.tw/DispNews/tw/IOT/UL/1912031353N3.shtml

精誠攜手nCipher 進軍5G資安市場
https://udn.com/news/story/7240/4203242

精誠揪伴 攻資安防護
https://news.wearn.com/c392186.html

AiShield 在家戶網路大門設立網路檢查哨,讓家中所有連網設備都有防護罩
https://www.techbang.com/posts/74574-set-up-checkpoints-at-the-doors-of-the-homes-net-aishield

零壹科技積極參與台美跨國資安攻防演練 為捍衛資安防禦再創新頁
https://www.zerone.com.tw/Content/Product/7B74CD9ED3C72967

關貿網路新開發「資安閘門防護」 拚中小企業務
https://www.chinatimes.com/realtimenews/20191204003547-260410?chdtv

關貿網路搶資安商機 看準中小企業需求
https://www.setn.com/News.aspx?NewsID=648110

企業採用ISO 27001稽核程序,讓資安管理事半功倍
https://ithome.com.tw/pr/134604

大陸資安巨頭360 擬募資人民幣108億元
https://www.chinatimes.com/realtimenews/20191205005021-260410?chdtv

IBM 新專利防無人機包裹被盜 憑高度改變得知包裹動向
http://bit.ly/2PjjhMr

中華資安國際助企業抵禦多重威脅
https://www.digitimes.com.tw/iot/article.asp?cat=130&id=0000574156_T500D9LR63CR4S54Z39TT

缺技術、缺市場、缺人才都找他?專訪資策會,台灣數位內容產業幕後推手
https://technews.tw/2019/12/06/iii-digital-content-industry/

AWS公佈雲端防資料外洩、防詐欺工具
https://www.ithome.com.tw/news/134624

HackerOne awards $20,000 bug bounty for private data access vulnerability on its own platform
https://zd.net/2PlhHJX

Network security simplified with Amazon VPC Ingress Routing and Trend Micro
https://blog.trendmicro.com/network-security-simplified/

G.政府
教育部與趨勢科技攜手合作,打造網路守護天使2.0
https://www.techbang.com/posts/74575-ministry-of-education-and-trend-micro-work-together-to-create-cyberguardian-angel-20

國家資通安全情勢報告
http://bit.ly/2Y9vqaT

106-109年國家資通安全發展方案
http://bit.ly/360q5Wj

107年公務機關資安稽核概況報告
http://bit.ly/35IdPcK

國防部:營區平板有線連結軍網 不需無線網路
https://www.cna.com.tw/news/aipl/201912020232.aspx

值星官能用「接線」平板排哨了 國防部:部隊急需
https://udn.com/news/story/10930/4200915

買平板沒Wi-Fi無用? 國軍澄清:是用軍網
https://news.ltn.com.tw/news/politics/paper/1336351

不懂市價行情?國軍出手買平板一台預算近 5 萬元
https://3c.ltn.com.tw/news/38794

行政院5G專網頻譜規劃出爐
https://ithome.com.tw/news/134638

保障病安 強化資安 健保醫療資訊雲端系統為您把關
https://www.mohw.gov.tw/cp-16-50429-1.html

專家傳真-發行晶片身分證 請政府停看聽
http://bit.ly/34WAstL

防中共介選 台嚴查假訊息、地下匯兌
http://www.epochtimes.com/b5/19/12/6/n11704410.htm

因應5G時代 蔡總統:研議設立數位發展主管機關
https://www.ydn.com.tw/News/362792

5G專網頻譜政院通過 蘇貞昌:台灣將邁入5G世代
https://living.taronews.tw/2019/12/05/549912/

H.ICS/SCADA 工控系統
Schneider Electric Modbus Serial Driver資源管理錯誤漏洞
https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/

利用震網三代和某PLC漏洞組合攻擊工控系統
https://www.ics-cert.org.cn/portal/page/111/e0c2891ce6b948f5b291d68d2e3ed83d.html

防黑客攻擊車聯網聯合安全實驗室啟動
https://www.autohome.com.cn/news/201912/953885.html

ICS Advisory (ICSA-19-330-01) ABB Relion 670 Series
https://www.us-cert.gov/ics/advisories/icsa-19-330-01

LEN-27687 FPT Software 應對Texas Instruments TPS65988 USB Type-C Power Delivery Controller Driver 漏洞
http://iknow.lenovo.com/detail/dc_185930.html

A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems
https://www.wired.com/story/iran-apt33-industrial-control-systems/

I.教育訓練
簡明 Linux Shell Script 入門教學
https://blog.techbridge.cc/2019/11/15/linux-shell-script-tutorial/

e科技的資安分析與關鍵證據: 數位鑑識
http://bit.ly/33RmYOZ

108 年度全國職場達人盃 資安實戰攻防競賽公開題目
http://bit.ly/33UOyKY

How to perform reverse engineering using IDA Pro
https://www.peerlyst.com/posts/how-to-perform-reverse-engineering-using-ida-pro-abhinav-singh?trk=search_page_search_result

Malware Analysis | Legion Credential Stealer/Backdoor [PowerShell]
https://www.youtube.com/watch?v=aj56VYpbhzQ&feature=youtu.be

Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection
https://www.youtube.com/watch?v=XnN_UWfHlNM&feature=youtu.be&t=905

CTHoW v2.0 - Cyber Threat Hunting on Windows
https://www.peerlyst.com/posts/cthow-v2-0-cyber-threat-hunting-on-windows-huy-kha?trk=explore_page_posts_recent_feed_entry

How to perform Open-Source Intelligence (OSINT)
https://www.peerlyst.com/posts/how-to-perform-open-source-intelligence-osint-chiheb-chebbi

J.物聯網/IOT/人工智慧/車聯網/光聯網/深度學習/機器學習/無人機/人臉辨識
IoT 物聯網隱私被「駭」?UL 分享 IoT 安全評等揭密產品資安能力
http://bit.ly/2OZnRzz

駭入門檻低 居家監看憂隱私外洩
http://bit.ly/35QBAiP

印尼將以 AI 取代兩名高官  望增加政府運作流暢度
https://unwire.hk/2019/12/01/indonesia-will-replace-some-civil-servants-with-ai/fun-tech/

新AI職業誕生!未來75%大型企業必須僱用「人工智慧檢查官」
https://www.bnext.com.tw/article/55773/artificial-intelligence-specialist

IoT安全評等把關連網裝置安全
https://www.eettaiwan.com/news/article/20191202NT12-IoT-security-rating-ensures-connected-device-security

推動更安全的移動服務,從驗證與資安看自駕車發展
http://bit.ly/350IsKs

IoT bills and guidelines: a global response
https://blog.malwarebytes.com/cybercrime/privacy/2019/11/iot-bills-and-guidelines-a-global-response/

Explained: juice jacking
https://blog.malwarebytes.com/explained/2019/11/explained-juice-jacking/

Top Raspberry Pi alternatives for 2020
https://www.zdnet.com/article/top-raspberry-pi-alternatives-for-2020/#ftag=RSSbaffb68

6.近期資安活動及研討會
 Vue.js 新手村,前端實戰入門 12/7
 https://hackersir.kktix.cc/events/20191112vuejs

 FutureCon Nashville Cyber Security Conference 12/11
 https://infosec-conferences.com/events-in-2019/futurecon-nashville/

 「Log管理 x 營業秘密」研討會 12/11
https://www.accupass.com/event/1911110922137590408650

 Utility Cyber Security Forum December 12/11
 https://infosec-conferences.com/events-in-2019/utility-cyber-security-forum-dec/

 交通大學亥客書院-A018:企業網域控管-Active Directory攻擊與防禦  12/14
 https://hackercollege.nctu.edu.tw/?p=1094

 台灣駭客年會 HITCON Winter Training 2019 12/16
 https://hitcon.kktix.cc/events/hitcon-winter-training-2019

 台灣駭客年會 HITCON Winter Training 2019 - 學生報名 12/16
 https://hitcon.kktix.cc/events/hitcon-winter-training-2019-student

 Japan Security Analyst Conference
 https://jsac.jpcert.or.jp/

 PWN2OWN MIAMI – BRINGING ICS INTO THE PWN2OWN WORLD 2020/1/21~23
 https://www.zerodayinitiative.com/blog/2019/10/28/pwn2own-miami-bringing-ics-into-the-pwn2own-world

沒有留言:

張貼留言

2024年 4月份資安、社群活動分享

  2024年 4月份資安、社群活動分享 Secure Code Warrior 線上學資安 - April  2024/4/1 https://www.accupass.com/event/2403250331191212148665 Self-Taught Coding Tu...